/**
 * Admin step: optionally flushes the page cache, then renders the
 * "Cache Cleaner" form and the cache statistics.
 *
 * The flush only runs when the posted `txp_token` equals md5($lastmod).
 * All output is echoed; nothing is returned.
 *
 * @param string $message Accepted but never read by this function.
 */
function clean($message = '')
{
    global $prefs;

    // Imports every preference as a local variable. $lastmod is not assigned
    // anywhere else in this function, so it presumably comes from here - TODO confirm.
    // NOTE(review): extract() with default flags overwrites existing locals
    // (including $message); reading the needed keys explicitly would be safer.
    extract($prefs);

    // NOTE(review): the request token is md5($lastmod), so it is only as
    // unguessable as $lastmod itself. If that value is a site timestamp that
    // other parties can learn, this check does not protect the flush against
    // forged requests - confirm, and prefer a per-session random token.
    pagetop("Cache Cleaner", ps("txp_token") === md5($lastmod) ? "Successful" : "Token expired. Please try again.");

    // Flush only when the posted token matches.
    if (ps("txp_token") === md5($lastmod)) {
        echo "<div align=\"center\" style=\"margin-top:3em\">";
        // '' . ... casts whatever txp_flushdir() returns to a string for %s.
        printf("Deleted %s files. Cache is clean.", '' . txp_flushdir(true));
        echo "</div>";
    }

    echo "<div align=\"center\" style=\"margin-top:3em\">";

    // The form re-posts to event "cache", step "clean", carrying the token as a hidden field.
    echo form(
        tag("Cache-Cleaner", "h3") .
        graf(
            "Usually you don't need to do that. Cache is <b>automatically</b> cleared <br />1)\n\t\t\t\t after a certain amount of time <br />2) when a comment is posted, edited or moderated\n\t\t\t <br />3) after a page-template or form-tag is modified.<br />4) after template import.<br />5) after article update.<br /><br />" .
            fInput("hidden", "txp_token", md5($lastmod)) .
            fInput("submit", "clean_cache", "Clean all cached Files", "smallerbox") .
            eInput("cache") .
            sInput("clean"),
            " style=\"text-align:center\""
        )
    );

    echo tag("Cache Statistics", "h3");

    global $path_to_site;

    // Running totals: bytes on disk and number of cache files.
    $count = array('size' => 0, 'num' => 0);
    $txp_cache_dir = txpath . "/cache";

    if (!empty($txp_cache_dir) and $fp = opendir($txp_cache_dir)) {
        while (false !== ($file = readdir($fp))) {
            // Skip dot entries (".", ".." and hidden files).
            if ($file[0] != ".") {
                // filesize() returns false on failure, which adds 0 here.
                $count['size'] += filesize("{$txp_cache_dir}/{$file}");
                ++$count['num'];
            }
        }
        closedir($fp);
        // Size is reported in units of 1000 bytes.
        printf("There are %d cache files with a total size of %d kb.", $count['num'], floor($count['size'] / 1000));
    } else {
        // Also reached when the directory cannot be opened.
        echo "Cache is empty.";
    }

    // The included file executes in this function's scope, so it sees the
    // locals above, including everything extract() created.
    include $path_to_site . '/textpattern/lib/txp_cache/cache-config.php';

    echo "</div>";
}
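/**
 * Authenticates the admin request from the `txp_login` cookie or from posted credentials.
 *
 * On success $GLOBALS['txp_user'] holds the user name and '' is returned;
 * otherwise $GLOBALS['txp_user'] is '' and a gTxt() message is returned.
 *
 * The cookie is client-controlled, so the user name taken from it is escaped
 * with doSlash() before it is placed in the SQL WHERE clause.
 *
 * @return string '' on success, otherwise a localized status message.
 */
function doTxpValidate()
{
    global $logout, $txpcfg;

    $p_userid = ps('p_userid');
    $p_password = ps('p_password');
    $logout = gps('logout');
    $stay = ps('stay');

    if ($logout) {
        // Expire the login cookie.
        setcookie('txp_login', '', time() - 3600);
    }

    if (!empty($_COOKIE['txp_login']) and !$logout) {
        // cookie exists
        $cookie = $_COOKIE['txp_login'];

        // explode() replaces split(), which was deprecated in PHP 5.3 and
        // removed in PHP 7. Padding to two elements covers a cookie without a
        // comma, so no error suppression is needed; a non-string cookie
        // (array syntax) is treated as empty and fails validation below.
        $parts = is_string($cookie) ? explode(',', $cookie) : array();
        list($c_userid, $cookie_hash) = array_pad($parts, 2, '');

        // Escape the cookie-supplied name before it enters the query.
        $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($c_userid) . "'");

        // check nonce: it must exist and the hash must match exactly
        if ($nonce && md5($c_userid . $nonce) === $cookie_hash) {
            // cookie is good, create $txp_user
            $GLOBALS['txp_user'] = $c_userid;

            return '';
        }

        // something's gone wrong
        $GLOBALS['txp_user'] = '';
        setcookie('txp_login', '', time() - 3600);

        return gTxt('bad_cookie');
    } elseif ($p_userid and $p_password) {
        // no cookie, but incoming login vars
        sleep(3); // should grind dictionary attacks to a halt

        if (txp_validate($p_userid, $p_password)) {
            $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($p_userid) . "'");

            if (!$nonce) {
                // No stored nonce: run the bundled update script, then stop.
                define('TXP_UPDATE', 1);
                include_once txpath . '/update/_update.php';
                exit(graf('Please reload'));
            }

            // NOTE(review): the cookie value is md5(user . nonce) and this
            // function never rotates the nonce, so a copied cookie stays
            // valid across logins. The cookies are also set without the
            // HttpOnly/Secure arguments. Both are worth hardening.
            if ($stay) {
                // persistent cookie required, expires in 1 year
                setcookie('txp_login', $p_userid . ',' . md5($p_userid . $nonce), time() + 3600 * 24 * 365);
            } else {
                // session-only cookie required
                setcookie('txp_login', $p_userid . ',' . md5($p_userid . $nonce));
                // remember nostay for 1 year
                setcookie('txp_nostay', '1', time() + 3600 * 24 * 365);
            }

            // login is good, create $txp_user
            $GLOBALS['txp_user'] = $p_userid;

            return '';
        }

        $GLOBALS['txp_user'] = '';

        return gTxt('could_not_log_in');
    }

    $GLOBALS['txp_user'] = '';

    return gTxt('login_to_textpattern');
}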
/**
 * Deletes the page template named in the posted `name` field and re-renders
 * the page editor. The template called 'default' is never deleted.
 *
 * NOTE(review): the name shown in the confirmation is the SQL-escaped value,
 * and whether messenger()/page_edit() HTML-escape it is not visible here - verify.
 */
function page_delete()
{
    if (ps('name') != 'default') {
        // Escaped once, used for both the WHERE clause and the message.
        $escaped = doSlash(ps('name'));
        safe_delete('txp_page', "name='" . $escaped . "'");
        page_edit(messenger('page', $escaped, 'deleted'));

        return;
    }

    // The protected template: just show the editor again.
    return page_edit();
}
/**
 * Deletes the page template named in the posted `name` field, then shows the
 * page editor with a confirmation. The template 'default' is left untouched.
 *
 * NOTE(review): the confirmation text receives the SQL-escaped name; whether
 * gTxt()/page_edit() HTML-escape it is not visible here - verify.
 */
function page_delete()
{
    $escaped = doSlash(ps('name'));

    if ($escaped != 'default') {
        safe_delete('txp_page', "name = '" . $escaped . "'");
        page_edit(gTxt('page_deleted', array('{name}' => $escaped)));

        return;
    }

    // Protected template: re-render the editor without deleting anything.
    return page_edit();
}
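/**
 * Authenticates the admin request from the `txp_login` cookie or from posted credentials.
 *
 * On success $GLOBALS['txp_user'] holds the user name and '' is returned;
 * otherwise $GLOBALS['txp_user'] is '' and a gTxt() message is returned.
 *
 * Hardening applied to the cookie path:
 *  - the cookie-supplied user name is escaped with doSlash() before it is
 *    used in the SQL WHERE clause;
 *  - a missing or empty nonce is rejected, because without a stored secret
 *    the expected hash depends only on the client-supplied name;
 *  - the hash is compared with ===, so no type juggling can make two
 *    different strings compare equal.
 *
 * @return string '' on success, otherwise a localized status message.
 */
function doTxpValidate()
{
    global $logout, $txpcfg;

    $p_userid = ps('p_userid');
    $p_password = ps('p_password');
    $logout = gps('logout');
    $stay = ps('stay');

    if ($logout) {
        // Expire the login cookie.
        setcookie('txp_login', ' ', time() - 3600);
    }

    if (isset($_COOKIE['txp_login']) and !$logout) {
        // cookie exists
        $cookie = $_COOKIE['txp_login'];

        // explode() replaces split(), which was deprecated in PHP 5.3 and
        // removed in PHP 7. Padding covers a cookie without a comma; a
        // non-string cookie (array syntax) is treated as empty.
        $parts = is_string($cookie) ? explode(',', $cookie) : array();
        list($c_userid, $cookie_hash) = array_pad($parts, 2, '');

        $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($c_userid) . "'");

        // check secret word: the stored nonce must exist and the hash must match exactly
        if ($nonce && md5($c_userid . $nonce) === $cookie_hash) {
            // cookie is good, create $txp_user
            $GLOBALS['txp_user'] = $c_userid;

            return '';
        }

        // something's gone wrong
        $GLOBALS['txp_user'] = '';
        setcookie('txp_login', '', time() - 3600);

        return gTxt('bad_cookie');
    } elseif ($p_userid and $p_password) {
        // no cookie, but incoming login vars
        sleep(3); // should grind dictionary attacks to a halt

        if (txp_validate($p_userid, $p_password)) {
            $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($p_userid) . "'");

            if (!$nonce) {
                exit(graf('Missing authentication information. Please run _update.php'));
            }

            // NOTE(review): the cookie value is md5(user . nonce) and this
            // function never rotates the nonce, so a copied cookie stays
            // valid across logins. The cookies are also set without the
            // HttpOnly/Secure arguments. Both are worth hardening.
            if ($stay) {
                // persistent cookie required, expires in 1 year
                setcookie('txp_login', $p_userid . ',' . md5($p_userid . $nonce), time() + 3600 * 24 * 365);
            } else {
                // session-only cookie required
                setcookie('txp_login', $p_userid . ',' . md5($p_userid . $nonce));
            }

            // login is good, create $txp_user
            $GLOBALS['txp_user'] = $p_userid;

            return '';
        }

        $GLOBALS['txp_user'] = '';

        return gTxt('could_not_log_in');
    }

    $GLOBALS['txp_user'] = '';

    return gTxt('login_to_textpattern');
}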
/**
 * Seeds the article table with the sample "First Post" article when no row
 * with id 1 exists yet.
 *
 * Reads the posted `name` field for the author and the `setup_comment_invite`
 * translation for the comment invitation text.
 */
function txp_article_table()
{
    // This instantiates the class that shares this function's name.
    $table = new txp_article_table();

    // gTxt() returning the key itself is treated as "no translation available",
    // in which case the literal 'Comment' is used instead.
    $setup_comment_invite = addslashes(gTxt('setup_comment_invite') == 'setup_comment_invite' ? 'Comment' : gTxt('setup_comment_invite'));

    // Author of the sample article; falls back to 'textpattern'.
    // NOTE(review): $name is raw POST data and is handed to insert() as-is;
    // whether the table class escapes values is not visible here - verify.
    $name = ps('name');
    if (empty($name)) {
        $name = 'textpattern';
    }

    // Only insert when row id 1 is absent, so re-running does not duplicate it.
    if (!$table->row(array('id' => 1))) {
        $table->insert(array(
            // ZEM_INCVAL is defined elsewhere; presumably an "auto-assign id" marker - TODO confirm.
            'id' => ZEM_INCVAL,
            // 'now()' is passed as a plain string here.
            'posted' => 'now()',
            'author_id' => "{$name}",
            'lastmod' => 'now()',
            'title' => 'First Post',
            'body' => 'Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec rutrum est eu mauris. In volutpat blandit felis. Suspendisse eget pede. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos hymenaeos. Quisque sed arcu. Aenean purus nulla, condimentum ac, pretium at, commodo sit amet, turpis. Aenean lacus. Ut in justo. Ut viverra dui vel ante. Duis imperdiet porttitor mi. Maecenas at lectus eu justo porta tempus. Cras fermentum ligula non purus. Duis id orci non magna rutrum bibendum. Mauris tincidunt, massa in rhoncus consectetuer, lectus dui ornare enim, ut egestas ipsum purus id urna. Vestibulum volutpat porttitor metus. Donec congue vehicula ante.',
            'body_html' => ' <p>Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec rutrum est eu mauris. In volutpat blandit felis. Suspendisse eget pede. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos hymenaeos. Quisque sed arcu. Aenean purus nulla, condimentum ac, pretium at, commodo sit amet, turpis. Aenean lacus. Ut in justo. Ut viverra dui vel ante. Duis imperdiet porttitor mi. Maecenas at lectus eu justo porta tempus. Cras fermentum ligula non purus. Duis id orci non magna rutrum bibendum. Mauris tincidunt, massa in rhoncus consectetuer, lectus dui ornare enim, ut egestas ipsum purus id urna. Vestibulum volutpat porttitor metus. 
Donec congue vehicula ante.</p>\\n\\n\\n ',
            'excerpt' => '',
            'excerpt_html' => '\\n\\n\\n ',
            'annotate' => 1,
            'annotateinvite' => "{$setup_comment_invite}",
            'comments_count' => 1,
            'status' => 4,
            'markup_body' => 1,
            'markup_excerpt' => 1,
            'section' => 'article',
            'url_title' => 'first-post',
            'uid' => 'becfea8fd42801204463b23701199f28',
            'feed_time' => 'now()'
        ));
    }
}
/**
 * Admin step: exports templates into the directory named by the posted
 * `export_dir` field and prints the result inside a centered table.
 *
 * NOTE(review): `export_dir` is request data and only spaces are rewritten
 * before it reaches template::export(). Whether that method confines the
 * path to an allowed base directory is not visible here - verify, and reject
 * traversal sequences and absolute paths if it does not.
 *
 * @param string $message Status text passed to pagetop().
 */
function export($message = '')
{
    global $prefs;

    // Preferences become locals; with default flags this can overwrite $message.
    extract($prefs);

    $exporter = new template();

    pagetop(gTxt('template'), $message);

    echo "\n <style type='text/css'>\n .success { color: #009900; }\n .failure { color: #FF0000; }\n </style>\n\t\t\t\n <table cellpadding='0' cellspacing='0' border='0' id='list' align='center'>\n <tr>\n <td>\n ";

    // Spaces in the requested directory name are replaced with hyphens.
    $exporter->export(str_replace(' ', '-', ps('export_dir')));

    echo "\n </td>\n </tr>\n </table>\n ";
}
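/**
 * Authenticates the admin request from the `txp_login` cookie or from posted credentials.
 *
 * The cookie carries "user,token". The database stores
 * md5(user . pack('H*', token)) as the nonce, so the raw token never sits in
 * the users table and a fresh token is issued on every successful login.
 *
 * On success the global $txp_user holds the user name and '' is returned;
 * otherwise $txp_user is '' and a gTxt() message is returned.
 *
 * @return string '' on success, otherwise a localized status message.
 */
function doTxpValidate()
{
    global $logout, $txpcfg, $txp_user;

    $p_userid = ps('p_userid');
    $p_password = ps('p_password');
    $logout = gps('logout');
    $stay = ps('stay');

    if ($logout) {
        // Expire the login cookie.
        setcookie('txp_login', '', time() - 3600);
    }

    if (!empty($_COOKIE['txp_login']) and !$logout) {
        $cookie = cs('txp_login');

        // explode() replaces split(), which was deprecated in PHP 5.3 and
        // removed in PHP 7. Padding covers a cookie without a comma, so no
        // error suppression is needed; a non-string value is treated as empty.
        $parts = is_string($cookie) ? explode(',', $cookie) : array();
        list($c_userid, $cookie_hash) = array_pad($parts, 2, '');

        $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($c_userid) . "'");

        if ($nonce && $nonce === md5($c_userid . pack('H*', $cookie_hash))) {
            // cookie is good, create $txp_user
            $txp_user = $c_userid;

            return '';
        }

        // something's gone wrong
        $txp_user = '';
        setcookie('txp_login', '', time() - 3600);

        return gTxt('bad_cookie');
    } elseif ($p_userid and $p_password) {
        sleep(3); // should grind dictionary attacks to a halt

        if (txp_validate($p_userid, $p_password)) {
            // NOTE(review): rand() and uniqid() are not cryptographically
            // secure sources, so this session token is more predictable than
            // its length suggests. Replace with a CSPRNG-backed generator
            // available on the deployed PHP version.
            $cookie_hash = md5(uniqid(rand()));

            safe_update(
                'txp_users',
                "nonce = '" . doSlash(md5($p_userid . pack('H*', $cookie_hash))) . "'",
                "name = '" . doSlash($p_userid) . "'"
            );

            // NOTE(review): cookies are set without the HttpOnly/Secure arguments.
            if ($stay) {
                // expires in 1 year
                setcookie('txp_login', $p_userid . ',' . $cookie_hash, time() + 3600 * 24 * 365);

                if (cs('txp_nostay')) {
                    setcookie('txp_nostay', '', time() - 3600);
                }
            } else {
                setcookie('txp_login', $p_userid . ',' . $cookie_hash);
                // remember nostay for 1 year
                setcookie('txp_nostay', '1', time() + 3600 * 24 * 365);
            }

            // login is good, create $txp_user
            $txp_user = $p_userid;

            return '';
        }

        $txp_user = '';

        return gTxt('could_not_log_in');
    }

    $txp_user = '';

    return gTxt('login_to_textpattern');
}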
/**
 * Callback for the article list's multi-edit step.
 *
 * When articles are deleted, the cached first-post year and last-update year
 * may have depended on one of them, so the cache is recalculated.
 *
 * @param string $event Event name supplied by the caller (not read here).
 * @param string $step  Step name; only 'list_multi_edit' is acted upon.
 */
function _sed_article_delete_callback($event, $step)
{
    # Ignore every step except the multi-edit one.
    if (empty($step) or 'list_multi_edit' != $step) {
        return;
    }

    require_privs('article');

    $action = ps('method');
    $picked = ps('selected');

    # Only a delete with at least one selected article can change the dates.
    if ($picked and $action == 'delete') {
        _update_cache();
    }
}
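/**
 * Deletes the page template named in the posted `name` field unless it is the
 * protected 'error_default' template or is still assigned to a section, then
 * re-renders the page editor with the outcome.
 *
 * The protected-name guard now runs before any database query, so a request
 * for 'error_default' no longer costs a section count.
 *
 * NOTE(review): the raw name is substituted into the message; whether
 * gTxt()/page_edit() HTML-escape it is not visible here - verify.
 */
function page_delete()
{
    $name = ps('name');

    // Never delete the protected template.
    if ($name == 'error_default') {
        return page_edit();
    }

    // A page still used by one or more sections must not be removed.
    $count = safe_count('txp_section', "page = '" . doSlash($name) . "'");

    if ($count) {
        $message = gTxt('page_used_by_section', array('{name}' => $name, '{count}' => $count));
    } else {
        safe_delete('txp_page', "name = '" . doSlash($name) . "'");
        $message = gTxt('page_deleted', array('{name}' => $name));
    }

    page_edit($message);
}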
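/**
 * Applies the posted multi-edit `method` to the posted `selected_forms`.
 *
 * Only 'delete' is handled: each form is passed to form_delete() and the
 * names that were actually removed are listed in the confirmation.
 *
 * $deleted is initialised up front so that a request in which nothing could
 * be deleted no longer passes an undefined variable to join().
 *
 * NOTE(review): the deleted names are request data; whether
 * messenger()/form_edit() HTML-escape them is not visible here - verify.
 */
function form_multi_edit()
{
    $method = ps('method');
    $forms = ps('selected_forms');

    if (is_array($forms)) {
        if ($method == 'delete') {
            $deleted = array();

            foreach ($forms as $name) {
                if (form_delete($name)) {
                    $deleted[] = $name;
                }
            }

            form_edit(messenger('form', join(', ', $deleted), 'deleted'));
        }
    } else {
        form_edit('nothing to delete');
    }
}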
/**
 * Admin panel for the JPCache cleaner: optionally flushes the cache, then
 * renders the cleaner form and the cache statistics.
 *
 * The flush only runs when the posted step is "clean" and the posted
 * `asy_token` equals md5($lastmod). All output is echoed.
 *
 * @param string $event Not read by this function.
 * @param string $step  Not read by this function; the step is taken from ps("step").
 */
function asy_jpcachecleaner($event, $step)
{
    global $lastmod, $prefs, $path_to_site;

    // ps() returns the contents of POST vars, if any;
    // NOTE(review): the request token is md5($lastmod), so it is only as
    // unguessable as $lastmod itself. If that value can be learned by other
    // parties, this check does not protect the flush against forged
    // requests - confirm, and prefer a per-session random token.
    if (ps("step") === "clean") {
        pagetop("JPCache Cleaner", ps("asy_token") === md5($lastmod) ? "Successful" : "Token expired. Please try again.");

        // Flush only when the posted token matches.
        if (ps("asy_token") === md5($lastmod)) {
            echo "<div align=\"center\" style=\"margin-top:3em\">";
            // '' . ... casts whatever asy_flushdir() returns to a string for %s.
            printf("Deleted %s files. Cache is clean.", '' . asy_flushdir(true));
            echo "</div>";
        }
    } else {
        pagetop("JPCache Cleaner");
    }

    echo "<div align=\"center\" style=\"margin-top:3em\">";

    // The form re-posts to event "asy_jpcache", step "clean", carrying the token as a hidden field.
    echo form(
        tag("JPCache-Cleaner", "h3") .
        graf(
            "Usually you don't need to do that. Cache is <b>automatically</b> cleared <br />1)\n\t\t\t\t after a certain amount of time <br />2) when a comment is posted, edited or moderated\n\t\t\t <br />3) after a page-template or form-tag is is modified.<br /><br />" .
            fInput("hidden", "asy_token", md5($lastmod)) .
            fInput("submit", "clean_cache", "Clean all cached Files", "smallerbox") .
            eInput("asy_jpcache") .
            sInput("clean"),
            " style=\"text-align:center\""
        )
    );

    echo tag("Cache Statistics", "h3");

    // Redundant: $path_to_site was already declared global above.
    global $path_to_site;

    // Running totals: bytes on disk and number of cache files.
    $count = array('size' => 0, 'num' => 0);
    $asy_cache_dir = $path_to_site . '/jpcache/cache';

    if (!empty($asy_cache_dir) and $fp = opendir($asy_cache_dir)) {
        while (false !== ($file = readdir($fp))) {
            // Skip dot entries (".", ".." and hidden files).
            if ($file[0] != ".") {
                // filesize() returns false on failure, which adds 0 here.
                $count['size'] += filesize("{$asy_cache_dir}/{$file}");
                ++$count['num'];
            }
        }
        closedir($fp);
        // Size is reported in units of 1000 bytes.
        printf("There are %d cache files with a total size of %d kb.", $count['num'], floor($count['size'] / 1000));
    } else {
        // Also reached when the directory cannot be opened.
        echo "Cache is empty.";
    }

    // The included file executes in this function's scope and sees its locals.
    include $path_to_site . '/jpcache/jpcache-config.php';

    /*
    Disabled read/write-ratio report, kept as found:

    if (@$JPCACHE_TXPLOG_DO == 1 && $prefs['logging']=='all'){
        echo tag("Read-Write-Ratio<sup>1</sup>","h3");;
        $cachehits = safe_field('COUNT( id ) as hit', 'txp_log', "page LIKE '%#cachehit'");
        $totalhits = getThing("SELECT MIN(time) FROM ".PFX."txp_log WHERE page LIKE '%#cachehit'");
        $totalhits = getThing("SELECT COUNT(id) FROM ".PFX."txp_log WHERE time > '".$totalhits."'");
        printf("There were <b>%d</b> cache-reads recorded and <b>%d</b> possible cache-writes. <br />Average number of reads per write: <b>%01.2f</b>",$cachehits, $totalhits-$cachehits, (($totalhits-$cachehits) > 0) ? ($cachehits/($totalhits-$cachehits)) : '0');
        echo "<br /><br /><sup>1</sup>This is a (low) Approximation. Initially wait a week before numbers become meaningful.";
    }
    */

    echo "</div>";
}
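/**
 * Applies the posted `edit_method` to the posted `selected_forms`.
 *
 * Only 'delete' is handled. Forms listed in the global $essential_forms are
 * skipped; every other name is passed to form_delete() and the names that
 * were actually removed are listed in the confirmation.
 *
 * $deleted is initialised up front so that a request in which nothing could
 * be deleted (for example, only essential forms were selected) no longer
 * passes an undefined variable to join().
 *
 * NOTE(review): the deleted names are request data; whether
 * gTxt()/form_edit() HTML-escape them is not visible here - verify.
 */
function form_multi_edit()
{
    global $essential_forms;

    $method = ps('edit_method');
    $forms = ps('selected_forms');

    if ($forms and is_array($forms)) {
        if ($method == 'delete') {
            $deleted = array();

            foreach ($forms as $name) {
                // Essential forms are protected from deletion.
                if (!in_array($name, $essential_forms) && form_delete($name)) {
                    $deleted[] = $name;
                }
            }

            $message = gTxt('forms_deleted', array('{list}' => join(', ', $deleted)));

            form_edit($message);
        }
    } else {
        form_edit();
    }
}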
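/**
 * Admin panel that stores the "article edit link" cookie name as a preference
 * and sets or clears that cookie in the administrator's browser.
 *
 * Changes from the previous revision:
 *  - the posted cookie name is escaped with doSlash(), the helper this
 *    codebase uses for SQL values, instead of addslashes();
 *  - the cookie name is HTML-escaped where it is printed into the status line;
 *  - the duplicated add/remove branches are merged and an unused local removed.
 *
 * @param string $event Not read by this function.
 * @param string $step  Not read by this function.
 */
function rss_admin_editlink($event, $step)
{
    global $rss_ae_cookie;

    include txpath . '/include/txp_prefs.php';

    // First run: create the preference with its default cookie name.
    if (!isset($rss_ae_cookie)) {
        $rss_ae_cookie = "rss_article_edit";
        $rs = safe_insert('txp_prefs', "name='rss_ae_cookie', val='{$rss_ae_cookie}', prefs_id='1'");
    }

    $adding = gps("add");

    if ($adding or gps("rem")) {
        safe_update(
            "txp_prefs",
            "val = '" . doSlash(ps('rss_ae_cookie')) . "'",
            "name = 'rss_ae_cookie' and prefs_id ='1'"
        );

        // "add" sets the cookie for one year, "rem" expires it.
        // NOTE(review): the cookie is set under the previously loaded name,
        // not the name just posted, and the posted name is stored without
        // being checked against the characters a cookie name may contain.
        $expires = $adding ? time() + 31536000 : time() - 3600;
        setcookie($rss_ae_cookie, $rss_ae_cookie, $expires, "/");

        // NOTE(review): execution continues after the redirect header and the
        // panel below is still rendered; confirm whether an exit is wanted.
        header("Location: index.php?event=editlink");
    }

    pagetop("Edit Link");

    $aeset = isset($_COOKIE[$rss_ae_cookie]) ? "" : " not";

    // The stored name is administrator input, so escape it for the HTML status line.
    $shownName = htmlspecialchars($rss_ae_cookie, ENT_QUOTES);

    // NOTE(review): whether text_input() escapes its value argument is not
    // visible here - verify before relying on it.
    echo form(
        startTable("list") .
        tr(tdcs(hed("Add/Remove Public Site Article Edit Link", 1), 2)) .
        tr(tda(graf('Cookie ' . $shownName . ' is' . $aeset . ' set.', ' align="center"'), ' colspan="2"')) .
        tr(
            tda(gTxt('Cookie Name:'), ' style="text-align:right;vertical-align:middle"') .
            tda(text_input("rss_ae_cookie", $rss_ae_cookie, '20'), ' ')
        ) .
        tr(tda(graf(
            fInput("submit", "add", gTxt("Add Edit Link"), "publish") .
            fInput("submit", "rem", gTxt("Remove Edit Link"), "publish") .
            eInput("editlink"),
            ' align="center"'
        ), ' colspan="2"')) .
        endTable()
    );
}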
/**
 * Checks the posted `token` against the value expected for this request.
 *
 * The expected value is the MD5 of: all arguments passed to this method
 * (concatenated), the posted `origin`, form_token() and the `blog_uid`
 * preference.
 *
 * NOTE(review): the comparison uses ===, which is not constant-time; a
 * timing-safe comparison is preferable where the runtime provides one.
 *
 * @return bool True when the posted token matches exactly.
 */
protected function valid_token()
{
    $submitted = ps('token');
    $material = implode('', func_get_args()) . ps('origin') . form_token() . get_pref('blog_uid');

    return $submitted === md5($material);
}
/**
 * Applies the posted `edit_method` (delete, changestatus or changeorder) to
 * the plugins named in the posted `selected` array, then re-renders the list.
 *
 * Plugins whose flags include PLUGIN_LIFECYCLE_NOTIFY are loaded and sent the
 * matching lifecycle callbacks before the database row is changed.
 *
 * NOTE(review): no privilege or request-token check is visible in this
 * function; confirm the dispatcher enforces both. The selected names are also
 * substituted into the message as received - verify that gTxt()/plugin_list()
 * HTML-escape them.
 */
function plugin_multi_edit()
{
    $selected = ps('selected');
    $method = ps('edit_method');

    if (!$selected or !is_array($selected)) {
        return plugin_list();
    }

    // Escaped, quoted IN() list shared by every bulk statement below.
    $where = "name IN ('" . implode("','", doSlash($selected)) . "')";

    if ($method == 'delete') {
        foreach ($selected as $plugin) {
            $flags = safe_field('flags', 'txp_plugin', "name ='" . doSlash($plugin) . "'");

            if ($flags & PLUGIN_LIFECYCLE_NOTIFY) {
                load_plugin($plugin, true);
                // A deleted plugin is told it was disabled first, then deleted.
                callback_event("plugin_lifecycle.{$plugin}", 'disabled');
                callback_event("plugin_lifecycle.{$plugin}", 'deleted');
            }
        }

        safe_delete('txp_plugin', $where);
    } elseif ($method == 'changestatus') {
        foreach ($selected as $plugin) {
            $match = "name ='" . doSlash($plugin) . "'";

            if (safe_field('flags', 'txp_plugin', $match) & PLUGIN_LIFECYCLE_NOTIFY) {
                $current = safe_field('status', 'txp_plugin', $match);
                load_plugin($plugin, true);
                // NB: won't show returned messages anywhere due to potentially overwhelming verbiage.
                $transition = $current ? 'disabled' : 'enabled';
                callback_event("plugin_lifecycle.{$plugin}", $transition);
            }
        }

        // Toggle every selected plugin in one statement.
        safe_update('txp_plugin', 'status = (1-status)', $where);
    } elseif ($method == 'changeorder') {
        // Load order is clamped to the range 1..9.
        $order = max(1, min(9, intval(ps('order'))));
        safe_update('txp_plugin', 'load_order = ' . $order, $where);
    }

    $outcome = ($method == 'delete') ? 'deleted' : 'updated';
    $message = gTxt('plugin_' . $outcome, array('{name}' => implode(', ', $selected)));

    plugin_list($message);
}
/**
 * Deletes the author identified by the posted `user_id` and shows the admin
 * panel with a confirmation.
 *
 * Requires the 'admin.edit' privilege. The id is passed through assert_int()
 * before it is placed, unquoted, into the WHERE clause.
 */
function author_delete()
{
    require_privs('admin.edit');

    $user_id = assert_int(ps('user_id'));
    $realName = fetch('Realname', 'txp_users', 'user_id', $user_id);

    // Unknown id: nothing to delete and nothing is rendered.
    if (!$name = $realName) {
        return;
    }

    $removed = safe_delete('txp_users', 'user_id = ' . $user_id);

    if (!$removed) {
        return;
    }

    admin(gTxt('author_deleted', array('{name}' => $name)));
}
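/**
 * Deletes the user identified by the posted `user_id` from the table named by
 * the global $ign_user_db and shows the admin panel with a confirmation.
 *
 * The posted id is now escaped with doSlash() before it is placed in the
 * DELETE statement's WHERE clause; previously it was interpolated as received.
 *
 * NOTE(review): no privilege check is visible in this function - confirm the
 * caller enforces one. The id is also passed to fetch() as received; whether
 * fetch() escapes its value argument is not visible here - verify.
 */
function ign_user_delete()
{
    global $ign_user_db;

    $user_id = ps('user_id');
    $name = fetch('Realname', $ign_user_db, 'user_id', $user_id);

    if ($name) {
        $rs = safe_delete($ign_user_db, "user_id = '" . doSlash($user_id) . "'");

        if ($rs) {
            ign_admin(messenger('user', $name, 'deleted'));
        }
    }
}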
/**
 * Setup step: validates the posted administrator details, checks config.php
 * against the database settings kept in the session, creates the tables and
 * inserts the first user and the initial preferences.
 *
 * Every validation failure prints an error panel and terminates the request
 * with exit. On success the output of fbCreate() is echoed.
 */
function createTxp()
{
    $GLOBALS['textarray'] = setup_load_lang($_SESSION['lang']);

    // Posted administrator details are kept in the session.
    // NOTE(review): this includes the plain-text password ($_SESSION['pass']),
    // which then lives in session storage until the session is cleared.
    $_SESSION['name'] = ps('name');
    $_SESSION['realname'] = ps('RealName');
    $_SESSION['pass'] = ps('pass');
    $_SESSION['email'] = ps('email');
    $_SESSION['theme'] = ps('theme');

    // Login name is required.
    if ($_SESSION['name'] == '') {
        echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('name_required') . '</span>') . n . setup_back_button(__FUNCTION__) . n . '</div>' . n . '</div>';
        exit;
    }

    // Password is required.
    if (!$_SESSION['pass']) {
        echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('pass_required') . '</span>') . n . setup_back_button(__FUNCTION__) . n . '</div>' . n . '</div>';
        exit;
    }

    // E-mail address must pass is_valid_email().
    if (!is_valid_email($_SESSION['email'])) {
        echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('email_required') . '</span>') . n . setup_back_button(__FUNCTION__) . n . '</div>' . n . '</div>';
        exit;
    }

    global $txpcfg;

    // Load config.php if the configuration is not in memory yet.
    if (!isset($txpcfg['db'])) {
        if (!is_readable(txpath . '/config.php')) {
            // $problems is created implicitly by this first append.
            $problems[] = graf('<span class="error">' . setup_gTxt('config_php_not_found', array('{file}' => txpspecialchars(txpath . '/config.php')), 'raw') . '</span>');
        } else {
            // Errors from the include are suppressed; a broken config.php is
            // caught by the comparison below.
            @(include txpath . '/config.php');
        }
    }

    // config.php must name the same database and table prefix as the earlier setup step.
    if (!isset($txpcfg) || $txpcfg['db'] != $_SESSION['ddb'] || $txpcfg['table_prefix'] != $_SESSION['dprefix']) {
        $problems[] = graf('<span class="error">' . setup_gTxt('config_php_does_not_match_input', 'raw') . '</span>');

        // NOTE(review): this panel closes two <div> elements but opens only one.
        echo txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . join(n, $problems) . n . setup_config_contents() . n . '</div>' . n . '</div>';
        exit;
    }

    // Connection settings as locals. The files included below execute in this
    // function's scope, so they can read these variables - do not rename them
    // without checking those files.
    $ddb = $txpcfg['db'];
    $duser = $txpcfg['user'];
    $dpass = $txpcfg['pass'];
    $dhost = $txpcfg['host'];
    $dclient_flags = isset($txpcfg['client_flags']) ? $txpcfg['client_flags'] : 0;
    $dprefix = $txpcfg['table_prefix'];
    $dbcharset = $txpcfg['dbcharset'];

    // Normalise the site URL: drop the scheme and trailing slashes, encode
    // spaces, and keep everything after the host as the URL path.
    $siteurl = str_replace("http://", '', $_SESSION['siteurl']);
    $siteurl = str_replace(' ', '%20', rtrim($siteurl, "/"));
    $urlpath = preg_replace('#^[^/]+#', '', $siteurl);

    define("PFX", trim($dprefix));
    define('TXP_INSTALL', 1);

    include_once txpath . '/lib/txplib_update.php';
    include txpath . '/setup/txpsql.php';

    // NOTE(review): rand() and uniqid() are not cryptographically secure
    // sources; prefer a CSPRNG-backed generator for this per-user nonce.
    $nonce = md5(uniqid(rand(), true));
    $hash = doSlash(txp_hash_password($_SESSION['pass']));

    // First user. Request-derived values are escaped with doSlash().
    // NOTE(review): none of the mysql_query() results below are checked, so a
    // failed statement goes unnoticed.
    mysql_query("INSERT INTO `" . PFX . "txp_users` VALUES\n\t\t\t(1,\n\t\t\t'" . doSlash($_SESSION['name']) . "',\n\t\t\t'{$hash}',\n\t\t\t'" . doSlash($_SESSION['realname']) . "',\n\t\t\t'" . doSlash($_SESSION['email']) . "',\n\t\t\t1,\n\t\t\tnow(),\n\t\t\t'{$nonce}')");

    mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash($siteurl) . "' where `name`='siteurl'");

    // NOTE(review): LANG and getlocale(LANG) are concatenated without
    // doSlash(); where LANG is defined is not visible here - confirm it can
    // only hold a vetted language code.
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . LANG . "' where `name`='language'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . getlocale(LANG) . "' where `name`='locale'");

    // Rewrite the 'siteurl' placeholder in the sample article (ID 1).
    mysql_query("update `" . PFX . "textpattern` set Body = replace(Body, 'siteurl', '" . doSlash($urlpath) . "'), Body_html = replace(Body_html, 'siteurl', '" . doSlash($urlpath) . "') WHERE ID = 1");

    // cf. update/_to_4.2.0.php.
    // TODO: Position might need altering when prefs panel layout is altered
    $theme = $_SESSION['theme'] ? $_SESSION['theme'] : 'classic';
    mysql_query("insert `" . PFX . "txp_prefs` set prefs_id = 1, name = 'theme_name', val = '" . doSlash($theme) . "', type = '1', event = 'admin', html = 'themename', position = '160'");

    echo fbCreate();
}
/**
 * Contact-form submit hook: reports status 1 to the zemcontact evaluator when
 * either the posted `mail` or `phone` field is non-empty after trimming.
 *
 * Presumably these are decoy fields that a human visitor leaves blank - TODO
 * confirm against the form markup.
 */
function sed_lib_zemcontact_submit()
{
    $mailField = trim(ps('mail'));
    $phoneField = trim(ps('phone'));

    // Fetched by reference, as the evaluator API expects.
    $evaluator =& get_zemcontact_evaluator();

    // Both fields blank: nothing to report.
    if ($mailField == '' && $phoneField == '') {
        return;
    }

    $evaluator->add_zemcontact_status(1);

    return;
}
/**
 * Processes multi-edit actions on user accounts.
 *
 * Accessing requires 'admin.edit' privileges. The posted `selected` names are
 * resolved against txp_users with the current user excluded, so an
 * administrator cannot apply a bulk action to their own account here.
 *
 * Supported `edit_method` values: delete, changeprivilege, resetpassword.
 *
 * NOTE(review): 'resetpassword' generates a new password and passes it to
 * send_new_password(); how that helper delivers it is not visible here.
 */
function admin_multi_edit()
{
    global $txp_user;

    require_privs('admin.edit');

    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();
    $msg = '';

    if (!$selected or !is_array($selected)) {
        return author_list();
    }

    // Keep only names that exist and are not the acting user.
    $criteria = "name IN (" . implode(',', quote_list($selected)) . ") AND name != '" . doSlash($txp_user) . "'";
    $names = safe_column('name', 'txp_users', $criteria);

    if (!$names) {
        return author_list();
    }

    if ($method == 'delete') {
        // Content owned by deleted users must be handed to a surviving user.
        $heir = ps('assign_assets');

        if (!$heir) {
            $msg = array('must_reassign_assets', E_ERROR);
        } elseif (in_array($heir, $names)) {
            $msg = array('cannot_assign_assets_to_deletee', E_ERROR);
        } elseif (remove_user($names, $heir)) {
            $changed = $names;
            callback_event('authors_deleted', '', 0, $changed);
            $msg = 'author_deleted';
        }
    } elseif ($method == 'changeprivilege') {
        if (change_user_group($names, ps('privs'))) {
            $changed = $names;
            $msg = 'author_updated';
        }
    } elseif ($method == 'resetpassword') {
        foreach ($names as $login) {
            $fresh = generate_password(PASSWORD_LENGTH);

            // Password could not be changed: skip this account.
            if (!change_user_password($login, $fresh)) {
                continue;
            }

            $address = safe_field('email', 'txp_users', "name = '" . doSlash($login) . "'");

            // Mail failure aborts the whole batch with an error for this account.
            if (!send_new_password($fresh, $address, $login)) {
                return author_list(array(gTxt('could_not_mail') . ' ' . txpspecialchars($login), E_ERROR));
            }

            $changed[] = $login;
            $msg = 'author_updated';
        }
    }

    if ($changed) {
        // Names are HTML-escaped before they are placed in the message.
        $listed = txpspecialchars(implode(', ', $changed));

        return author_list(gTxt($msg, array('{name}' => $listed)));
    }

    author_list($msg);
}
/**
 * Renders the article write/edit panel in its text, HTML or preview view.
 *
 * Article fields come from one of three places: the database (editing an
 * existing article in text view), the serialized `store` field posted back
 * from the preview/HTML views, or the posted form fields. They are turned into
 * local variables with extract(), so most variables read below ($Title,
 * $Body, $Status, ...) are not assigned explicitly in this function.
 *
 * All output is echoed; nothing is returned.
 *
 * @param string $message    Status text passed to pagetop().
 * @param bool   $concurrent When true the posted fields are kept and sLastMod
 *                           is re-read from the database.
 */
function article_edit($message = '', $concurrent = FALSE)
{
    global $vars, $txp_user, $comments_disabled_after, $txpcfg, $prefs;

    // Preferences and the three request fields become local variables.
    extract($prefs);
    extract(gpsa(array('view', 'from_view', 'step')));

    if (!empty($GLOBALS['ID'])) {
        // newly-saved article
        $ID = $GLOBALS['ID'];
        $step = 'edit';
    } else {
        $ID = gps('ID');
    }

    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();

    // switch to 'text' view upon page load and after article post
    if (!$view || gps('save') || gps('publish')) {
        $view = 'text';
    }

    if (!$step) {
        $step = "create";
    }

    if ($step == "edit" && $view == "text" && !empty($ID) && $from_view != 'preview' && $from_view != 'html' && !$concurrent) {
        $pull = true;
        //-- it's an existing article - off we go to the db
        // The id is validated with assert_int() before it is used unquoted in the query.
        $ID = assert_int($ID);
        $rs = safe_row("*, unix_timestamp(Posted) as sPosted,\n\t\t\t\tunix_timestamp(Expires) as sExpires,\n\t\t\t\tunix_timestamp(LastMod) as sLastMod", "textpattern", "ID={$ID}");
        // Every column of the row becomes a local variable.
        extract($rs);
        $reset_time = $publish_now = $Status < 4;
    } else {
        $pull = false;
        //-- assume they came from post
        if ($from_view == 'preview' or $from_view == 'html') {
            $store_out = array();
            // NOTE(review): unserialize() runs on request data here. The
            // `store` field is sent to the browser and posted back, so its
            // content is client-controlled. Deserializing it can instantiate
            // arbitrary classes known to the application. Prefer a format
            // without object support (for example JSON), or authenticate the
            // field with a keyed MAC before decoding it.
            $store = unserialize(base64_decode(ps('store')));
            // Only names listed in $vars are copied out of the decoded data.
            foreach ($vars as $var) {
                if (isset($store[$var])) {
                    $store_out[$var] = $store[$var];
                }
            }
        } else {
            $store_out = gpsa($vars);
            if ($concurrent) {
                // NOTE(review): on this path $ID has not passed through
                // assert_int() in this function and is concatenated unquoted -
                // confirm the caller validated it.
                $store_out['sLastMod'] = safe_field('unix_timestamp(LastMod) as sLastMod', 'textpattern', 'ID=' . $ID);
            }
        }
        extract($store_out);
    }

    $GLOBALS['step'] = $step;

    // New articles start with the site-wide markup preference.
    if ($step == 'create') {
        $textile_body = $use_textile;
        $textile_excerpt = $use_textile;
    }

    if ($step != 'create') {
        // Previous record?
        $prev_id = checkIfNeighbour('prev', $sPosted);
        // Next record?
        $next_id = checkIfNeighbour('next', $sPosted);
    }

    $page_title = $Title ? $Title : gTxt('write');
    pagetop($page_title, $message);

    echo n . n . '<form name="article" method="post" action="index.php">';

    // Round-trips the collected fields through the browser as a hidden field
    // (this is the value decoded with unserialize() above).
    if (!empty($store_out)) {
        echo hInput('store', base64_encode(serialize($store_out)));
    }

    echo hInput('ID', $ID) . eInput('article') . sInput($step) . '<input type="hidden" name="view" />' . startTable('edit') . '<tr>' . n . '<td id="article-col-1">';

    if ($view == 'text') {
        //-- markup help --------------
        echo side_help($textile_body, $textile_excerpt) . '<h3 class="plain"><a href="#advanced" onclick="toggleDisplay(\'advanced\'); return false;">' . gTxt('advanced_options') . '</a></h3>',
            '<div id="advanced" class="toggle" style="display:none">',
            n . graf('<label for="markup-body">' . gTxt('article_markup') . '</label>' . br . pref_text('textile_body', $textile_body, 'markup-body')),
            n . graf('<label for="markup-excerpt">' . gTxt('excerpt_markup') . '</label>' . br . pref_text('textile_excerpt', $textile_excerpt, 'markup-excerpt')),
            $allow_form_override ? graf('<label for="override-form">' . gTxt('override_default_form') . '</label>' . sp . popHelp('override_form') . br . form_pop($override_form, 'override-form')) : '',
            // Custom fields 1-10 are shown only when the matching preference is set.
            $custom_1_set ? custField(1, $custom_1_set, $custom_1) : '',
            $custom_2_set ? custField(2, $custom_2_set, $custom_2) : '',
            $custom_3_set ? custField(3, $custom_3_set, $custom_3) : '',
            $custom_4_set ? custField(4, $custom_4_set, $custom_4) : '',
            $custom_5_set ? custField(5, $custom_5_set, $custom_5) : '',
            $custom_6_set ? custField(6, $custom_6_set, $custom_6) : '',
            $custom_7_set ? custField(7, $custom_7_set, $custom_7) : '',
            $custom_8_set ? custField(8, $custom_8_set, $custom_8) : '',
            $custom_9_set ? custField(9, $custom_9_set, $custom_9) : '',
            $custom_10_set ? custField(10, $custom_10_set, $custom_10) : '',
            n . graf('<label for="keywords">' . gTxt('keywords') . '</label>' . sp . popHelp('keywords') . br . n . '<textarea id="keywords" name="Keywords" cols="18" rows="5">' . htmlspecialchars(str_replace(',', ', ', $Keywords)) . '</textarea>'),
            n . graf('<label for="article-image">' . gTxt('article_image') . '</label>' . sp . popHelp('article_image') . br . fInput('text', 'Image', $Image, 'edit', '', '', 22, '', 'article-image')),
            n . graf('<label for="url-title">' . gTxt('url_title') . '</label>' . sp . popHelp('url_title') . br . fInput('text', 'url_title', $url_title, 'edit', '', '', 22, '', 'url-title')),
            '</div> <h3 class="plain"><a href="#recent" onclick="toggleDisplay(\'recent\'); return false;">' . gTxt('recent_articles') . '</a>' . '</h3>' . '<div id="recent" class="toggle" style="display:none">';

        // Ten most recently modified articles.
        $recents = safe_rows_start("Title, ID", 'textpattern', "1=1 order by LastMod desc limit 10");

        if ($recents) {
            echo '<ul class="plain-list">';
            while ($recent = nextRow($recents)) {
                if (!$recent['Title']) {
                    $recent['Title'] = gTxt('untitled') . sp . $recent['ID'];
                }
                echo n . t . '<li><a href="?event=article' . a . 'step=edit' . a . 'ID=' . $recent['ID'] . '">' . escape_title($recent['Title']) . '</a></li>';
            }
            echo '</ul>';
        }

        echo '</div>';
    } else {
        echo sp;
    }

    echo '</td>' . n . '<td id="article-main">';

    //-- title input --------------
    // NOTE(review): in the preview and HTML views $Title is passed to hed()
    // without escape_title()/htmlspecialchars(), unlike the text view below.
    // Whether hed() escapes its argument is not visible here - verify.
    if ($view == 'preview') {
        echo hed(gTxt('preview'), 2) . hed($Title, 1);
    } elseif ($view == 'html') {
        echo hed('XHTML', 2) . hed($Title, 1);
    } elseif ($view == 'text') {
        echo n . '<p><label for="title">' . gTxt('title') . '</label>' . sp . popHelp('title') . br . '<input type="text" id="title" name="Title" value="' . escape_title($Title) . '" class="edit" size="40" tabindex="1" />';

        if ($step != 'create') {
            include_once txpath . '/publish/taghandlers.php';
            $url = permlinkurl_id($ID);

            // Articles that are not in status 4 or 5 get a preview parameter appended.
            if ($Status != 4 and $Status != 5) {
                $url .= (strpos($url, '?') === FALSE ? '?' : '&') . 'txpreview=' . intval($ID) . '.' . time();
            }

            echo sp . sp . '<a href="' . $url . '" class="article-view">' . gTxt('view') . '</a>';
        }

        echo '</p>';
    }

    //-- body --------------------
    if ($view == 'preview') {
        // The preview prints the body as markup on purpose; it is not escaped.
        if ($textile_body == USE_TEXTILE) {
            echo $textile->TextileThis($Body);
        } else {
            if ($textile_body == CONVERT_LINEBREAKS) {
                echo nl2br($Body);
            } else {
                if ($textile_body == LEAVE_TEXT_UNTOUCHED) {
                    echo $Body;
                }
            }
        }
    } elseif ($view == 'html') {
        // The HTML view shows the generated markup as escaped source text.
        if ($textile_body == USE_TEXTILE) {
            $bod = $textile->TextileThis($Body);
        } else {
            if ($textile_body == CONVERT_LINEBREAKS) {
                $bod = nl2br($Body);
            } else {
                if ($textile_body == LEAVE_TEXT_UNTOUCHED) {
                    $bod = $Body;
                }
            }
        }
        echo tag(str_replace(array(n, t), array(br, sp . sp . sp . sp), htmlspecialchars($bod)), 'code');
    } else {
        echo n . graf('<label for="body">' . gTxt('body') . '</label>' . sp . popHelp('body') . br . '<textarea id="body" name="Body" cols="55" rows="31" tabindex="2">' . htmlspecialchars($Body) . '</textarea>');
    }

    //-- excerpt --------------------
    if ($articles_use_excerpts) {
        if ($view == 'text') {
            echo n . graf('<label for="excerpt">' . gTxt('excerpt') . '</label>' . sp . popHelp('excerpt') . br . '<textarea id="excerpt" name="Excerpt" cols="55" rows="5" tabindex="3">' . htmlspecialchars($Excerpt) . '</textarea>');
        } else {
            echo n . '<hr width="50%" />';
            // Textile excerpt: rendered in preview, escaped source in HTML view;
            // without Textile the excerpt is printed as-is inside a paragraph.
            echo $textile_excerpt == USE_TEXTILE ? $view == 'preview' ? graf($textile->textileThis($Excerpt)) : tag(str_replace(array(n, t), array(br, sp . sp . sp . sp), htmlspecialchars($textile->TextileThis($Excerpt))), 'code') : graf($Excerpt);
        }
    }

    //-- author --------------
    if ($view == "text" && $step != "create") {
        echo '<p class="small">' . gTxt('posted_by') . ': ' . htmlspecialchars($AuthorID) . ' · ' . safe_strftime('%d %b %Y · %X', $sPosted);
        if ($sPosted != $sLastMod) {
            echo br . gTxt('modified_by') . ': ' . htmlspecialchars($LastModID) . ' · ' . safe_strftime('%d %b %Y · %X', $sLastMod);
        }
        echo '</p>';
    }

    echo hInput('from_view', $view), '</td>';
    echo '<td id="article-tabs">';

    //-- layer tabs -------------------
    echo $use_textile == USE_TEXTILE || $textile_body == USE_TEXTILE ? '<ul>' . (tab('text', $view) . tab('html', $view) . tab('preview', $view)) . '</ul>' : ' ';
    echo '</td>';
    echo '<td id="article-col-2">';

    if ($view == 'text') {
        if ($step != 'create') {
            echo n . graf(href(gtxt('create_new'), 'index.php?event=article'));
        }

        //-- prev/next article links --
        if ($step != 'create' and ($prev_id or $next_id)) {
            echo '<p>',
                $prev_id ? prevnext_link('‹' . gTxt('prev'), 'article', 'edit', $prev_id, gTxt('prev')) : '',
                $next_id ? prevnext_link(gTxt('next') . '›', 'article', 'edit', $next_id, gTxt('next')) : '',
                '</p>';
        }

        //-- status radios --------------
        echo n . n . '<fieldset id="write-status">' . n . '<legend>' . gTxt('status') . '</legend>' . n . status_radio($Status) . n . '</fieldset>';

        //-- category selects -----------
        echo n . n . '<fieldset id="write-sort">' . n . '<legend>' . gTxt('sort_display') . '</legend>' . n . graf('<label for="category-1">' . gTxt('category1') . '</label> ' . '<span class="small">[' . eLink('category', '', '', '', gTxt('edit')) . ']</span>' . br . n . category_popup('Category1', $Category1, 'category-1')) . n . graf('<label for="category-2">' . gTxt('category2') . '</label>' . br . n . category_popup('Category2', $Category2, 'category-2'));

        //-- section select --------------
        // A fresh form (not posted back, not loaded from the db) starts in the default section.
        if (!$from_view && !$pull) {
            $Section = getDefaultSection();
        }

        echo n . graf('<label for="section">' . gTxt('section') . '</label> ' . '<span class="small">[' . eLink('section', '', '', '', gTxt('edit')) . ']</span>' . br . section_popup($Section, 'section')) . n . '</fieldset>' . n . n . '<h3 class="plain"><a href="#more" onclick="toggleDisplay(\'more\'); return false;">' . gTxt('more') . '</a></h3>',
            '<div id="more" class="toggle" style="display:none">';

        //-- comments stuff --------------
        if ($step == "create") {
            //Avoiding invite disappear when previewing
            $AnnotateInvite = !empty($store_out['AnnotateInvite']) ? $store_out['AnnotateInvite'] : $comments_default_invite;
            if ($comments_on_default == 1) {
                $Annotate = 1;
            }
        }

        if ($use_comments == 1) {
            echo n . n . '<fieldset id="write-comments">' . n . '<legend>' . gTxt('comments') . '</legend>';

            // Comments count as expired once the article is older than
            // $comments_disabled_after days (86400 seconds each).
            $comments_expired = false;
            if ($step != 'create' && $comments_disabled_after) {
                $lifespan = $comments_disabled_after * 86400;
                $time_since = time() - $sPosted;
                if ($time_since > $lifespan) {
                    $comments_expired = true;
                }
            }

            if ($comments_expired) {
                echo n . n . graf(gTxt('expired'));
            } else {
                echo n . n . graf(onoffRadio('Annotate', $Annotate)) . n . n . graf('<label for="comment-invite">' . gTxt('comment_invitation') . '</label>' . br . fInput('text', 'AnnotateInvite', $AnnotateInvite, 'edit', '', '', '', '', 'comment-invite'));
            }

            echo n . n . '</fieldset>';
        }

        if ($step == "create" and empty($GLOBALS['ID'])) {
            //-- timestamp -------------------
            //Avoiding modified date to disappear
            $persist_timestamp = !empty($store_out['year']) ? safe_strtotime($store_out['year'] . '-' . $store_out['month'] . '-' . $store_out['day'] . ' ' . $store_out['hour'] . ':' . $store_out['minute'] . ':' . $store_out['second']) : time();

            echo n . n . '<fieldset id="write-timestamp">' . n . '<legend>' . gTxt('timestamp') . '</legend>' . n . graf(checkbox('publish_now', '1', $publish_now, '', 'publish_now') . '<label for="publish_now">' . gTxt('set_to_now') . '</label>') . n . graf(gTxt('or_publish_at') . sp . popHelp('timestamp')) . n . graf(gtxt('date') . sp . tsi('year', '%Y', $persist_timestamp) . ' / ' . tsi('month', '%m', $persist_timestamp) . ' / ' . tsi('day', '%d', $persist_timestamp)) . n . graf(gTxt('time') . sp . tsi('hour', '%H', $persist_timestamp) . ' : ' . tsi('minute', '%M', $persist_timestamp) . ' : ' . tsi('second', '%S', $persist_timestamp)) . n . '</fieldset>';

            //-- expires -------------------
            // NOTE(review): the seconds component is read from
            // $store_out['second'], not 'exp_second' like the other expiry
            // parts - looks unintended; confirm.
            $persist_timestamp = !empty($store_out['exp_year']) ? safe_strtotime($store_out['exp_year'] . '-' . $store_out['exp_month'] . '-' . $store_out['exp_day'] . ' ' . $store_out['exp_hour'] . ':' . $store_out['exp_minute'] . ':' . $store_out['second']) : NULLDATETIME;

            echo n . n . '<fieldset id="write-expires">' . n . '<legend>' . gTxt('expires') . '</legend>' . n . graf(gtxt('date') . sp . tsi('exp_year', '%Y', $persist_timestamp) . ' / ' . tsi('exp_month', '%m', $persist_timestamp) . ' / ' . tsi('exp_day', '%d', $persist_timestamp)) . n . graf(gTxt('time') . sp . tsi('exp_hour', '%H', $persist_timestamp) . ' : ' . tsi('exp_minute', '%M', $persist_timestamp) . ' : ' . tsi('exp_second', '%S', $persist_timestamp)) . n . '</fieldset>' . n . n . '</div>';

            //-- publish button --------------
            // Same submit name either way; only the label depends on the privilege.
            echo has_privs('article.publish') ? fInput('submit', 'publish', gTxt('publish'), "publish", '', '', '', 4) : fInput('submit', 'publish', gTxt('save'), "publish", '', '', '', 4);
        } else {
            //-- timestamp -------------------
            if (!empty($year)) {
                $sPosted = safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
            }

            // NOTE(review): sPosted, sLastMod, AuthorID and LastModID are sent
            // as hidden fields, so they come back from the client; the save
            // handler should not trust them for authorship or concurrency checks.
            echo n . n . '<fieldset id="write-timestamp">' . n . '<legend>' . gTxt('timestamp') . '</legend>' . n . graf(checkbox('reset_time', '1', $reset_time, '', 'reset_time') . '<label for="reset_time">' . gTxt('reset_time') . '</label>') . n . graf(gTxt('published_at') . sp . popHelp('timestamp')) . n . graf(gtxt('date') . sp . tsi('year', '%Y', $sPosted) . ' / ' . tsi('month', '%m', $sPosted) . ' / ' . tsi('day', '%d', $sPosted)) . n . graf(gTxt('time') . sp . tsi('hour', '%H', $sPosted) . ' : ' . tsi('minute', '%M', $sPosted) . ' : ' . tsi('second', '%S', $sPosted)) . n . hInput('sPosted', $sPosted),
                n . hInput('sLastMod', $sLastMod),
                n . hInput('AuthorID', $AuthorID),
                n . hInput('LastModID', $LastModID),
                n . '</fieldset>';

            //-- expires -------------------
            // Missing expiry parts default to 1 January, 00:00:00 of the given year.
            if (!empty($exp_year)) {
                if (empty($exp_month)) {
                    $exp_month = 1;
                }
                if (empty($exp_day)) {
                    $exp_day = 1;
                }
                if (empty($exp_hour)) {
                    $exp_hour = 0;
                }
                if (empty($exp_minute)) {
                    $exp_minute = 0;
                }
                if (empty($exp_second)) {
                    $exp_second = 0;
                }
                $sExpires = safe_strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second);
            }

            echo n . n . '<fieldset id="write-expires">' . n . '<legend>' . gTxt('expires') . '</legend>' . n . graf(gtxt('date') . sp . tsi('exp_year', '%Y', $sExpires) . ' / ' . tsi('exp_month', '%m', $sExpires) . ' / ' . tsi('exp_day', '%d', $sExpires)) . n . graf(gTxt('time') . sp . tsi('exp_hour', '%H', $sExpires) . ' : ' . tsi('exp_minute', '%M', $sExpires) . ' : ' . tsi('exp_second', '%S', $sExpires)) . n . hInput('sExpires', $sExpires) . n . '</fieldset>' . n . n . '</div>';

            //-- save button --------------
            // The button is shown only when the user may edit this article:
            // status >= 4 needs the "published" privileges, lower statuses the
            // plain edit privileges, each with an "own article" variant.
            // This only hides the button; the save handler must enforce the
            // same rules.
            if ($Status >= 4 and has_privs('article.edit.published') or $Status >= 4 and $AuthorID == $txp_user and has_privs('article.edit.own.published') or $Status < 4 and has_privs('article.edit') or $Status < 4 and $AuthorID == $txp_user and has_privs('article.edit.own')) {
                echo fInput('submit', 'save', gTxt('save'), "publish", '', '', '', 4);
            }
        }
    }

    echo '</td></tr></table></form>';
}
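// Seed rows for the txp_prefs table, appended to $create_sql for the installer to run.
// Every value interpolated from a PHP variable or from request data goes through
// doSlash() before it is placed between the single quotes of the SQL literal.
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'file_max_upload_size', '2000000', 1, 'admin', 'text_input', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'file_list_pageby', '25', 2, 'publish', 'text_input', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'path_to_site', '', 2, 'publish', 'text_input', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'article_list_pageby', '25', 2, 'publish', 'text_input', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'link_list_pageby', '25', 2, 'publish', 'text_input', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'image_list_pageby', '25', 2, 'publish', 'text_input', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'log_list_pageby', '25', 2, 'publish', 'text_input', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'comment_list_pageby', '25', 2, 'publish', 'text_input', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'permlink_mode', '" . doSlash($permlink_mode) . "', 0, 'publish', 'permlinkmodes', 90, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'comments_are_ol', '1', 0, 'comments', 'yesnoradio', 150, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'is_dst', '0', 0, 'publish', 'yesnoradio', 60, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'locale', 'en_GB.UTF-8', 2, 'publish', 'text_input', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'tempdir', '" . doSlash(find_temp_dir()) . "', 1, 'admin', 'text_input', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'file_base_path', '" . doSlash(dirname(txpath) . DS . 'files') . "', 1, 'admin', 'text_input', 0, '')";
// blog_uid was the only interpolated value in this run that was not escaped.
// Where $prefs['blog_uid'] is assigned is not visible here, so it is escaped
// like the other dynamic values rather than trusted.
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'blog_uid', '" . doSlash($prefs['blog_uid']) . "', 2, 'publish', 'text_input', 0, '')";
// The 'email' POST value is stored as-is (escaped for SQL only).
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'blog_mail_uid', '" . doSlash(ps('email')) . "', 2, 'publish', 'text_input', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'blog_time_uid', '2005', 2, 'publish', 'text_input', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'edit_raw_css_by_default', '1', 1, 'css', 'yesnoradio', 0, '')";
// NOTE(review): page and article PHP scripting are seeded as '1' and raw PHP as '0'.
// Presumably '1' means enabled, which would let anyone who can edit a page template
// or an article run PHP on the server -- confirm that these are the intended
// out-of-the-box defaults.
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'allow_page_php_scripting', '1', 1, 'publish', 'yesnoradio', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'allow_article_php_scripting', '1', 1, 'publish', 'yesnoradio', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'allow_raw_php_scripting', '0', 1, 'publish', 'yesnoradio', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'textile_links', '0', 1, 'link', 'yesnoradio', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'show_article_category_count', '1', 2, 'category', 'yesnoradio', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'show_comment_count_in_feed', '1', 1, 'publish', 'yesnoradio', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'syndicate_body_or_excerpt', '1', 1, 'publish', 'yesnoradio', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'include_email_atom', '1', 1, 'publish', 'yesnoradio', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'comment_means_site_updated', '1', 1, 'publish', 'yesnoradio', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'never_display_email', '0', 1, 'publish', 'yesnoradio', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'comments_require_name', '1', 1, 'comments', 'yesnoradio', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'comments_require_email', '1', 1, 'comments', 'yesnoradio', 0, '')";
$create_sql[] = "INSERT INTO `" . PFX . "txp_prefs` VALUES (1, 'articles_use_excerpts', '1', 1, 'publish', 'yesnoradio', 0, '')";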
/**
 * Delete the stylesheet named by the 'name' POST parameter, unless a section uses it.
 *
 * The name is escaped with doSlash() each time it is placed in a WHERE clause.
 * When at least one txp_section row references the stylesheet, nothing is
 * deleted and a 'css_used_by_section' message is shown instead.
 *
 * NOTE(review): the raw POST value is handed to gTxt() as the '{name}'
 * replacement. Whether it is HTML-escaped before css_edit() prints it is not
 * visible in this block -- confirm.
 */
function css_delete()
{
    $name = ps('name');

    // How many sections still point at this stylesheet?
    $in_use = safe_count('txp_section', "css = '" . doSlash($name) . "'");

    if ($in_use) {
        css_edit(gTxt('css_used_by_section', array('{name}' => $name, '{count}' => $in_use)));

        return;
    }

    safe_delete('txp_css', "name = '" . doSlash($name) . "'");
    css_edit(gTxt('css_deleted', array('{name}' => $name)));
}
/**
 * Remove all language strings for the given lang code.
 *
 * The language code to remove is read from the 'lang_code' HTTP POST
 * parameter and escaped with doSlash() before it is used in the WHERE
 * clause. On success the 'lang_deleted' callback is fired with the code;
 * in both cases the language list is redrawn with a status message.
 *
 * NOTE(review): the raw POST value is used as a gTxt() key and as the
 * '{thing}' replacement; escaping for display is not visible here -- confirm
 * it happens in gTxt() or list_languages().
 */
function remove_language()
{
    $lang_code = ps('lang_code');
    $deleted = safe_delete('txp_lang', "lang = '" . doSlash($lang_code) . "'");

    if (!$deleted) {
        list_languages(gTxt('cannot_delete', array('{thing}' => $lang_code)));

        return;
    }

    callback_event('lang_deleted', '', 0, $lang_code);
    list_languages(gTxt($lang_code) . sp . gTxt('deleted'));
}
/**
 * Apply one bulk action to the sections ticked in the section list.
 *
 * Reads 'selected' (array of section names) and 'edit_method' from POST.
 * The column to update is never taken from the request: each method maps to
 * a fixed column name, and page/css values are only accepted when they occur
 * in $all_pages / $all_styles. The three flag values are cast to int.
 *
 * @return mixed Whatever section_delete() or sec_section_list() returns.
 */
function section_multi_edit()
{
    global $txp_user, $all_pages, $all_styles;

    $selected = ps('selected');

    if (!$selected or !is_array($selected)) {
        return sec_section_list();
    }

    $method = ps('edit_method');
    $changed = array();
    $key = $msg = '';

    if ($method == 'delete') {
        return section_delete($selected);
    } elseif ($method == 'changepage') {
        $val = ps('uses_page');

        // Only a known page name selects the column; otherwise $key stays empty.
        if (in_array($val, $all_pages)) {
            $key = 'page';
        }
    } elseif ($method == 'changecss') {
        $val = ps('css');

        // Same allow-list idea for stylesheets.
        if (in_array($val, $all_styles)) {
            $key = 'css';
        }
    } elseif ($method == 'changeonfrontpage') {
        $key = 'on_frontpage';
        $val = (int) ps('on_frontpage');
    } elseif ($method == 'changesyndicate') {
        $key = 'in_rss';
        $val = (int) ps('in_rss');
    } elseif ($method == 'changesearchable') {
        $key = 'searchable';
        $val = (int) ps('searchable');
    } else {
        $key = '';
        $val = '';
    }

    // Replace the posted names with the names that really exist in txp_section.
    $in_list = "name IN ('" . join("','", doSlash($selected)) . "')";
    $selected = safe_column('name', 'txp_section', $in_list);

    if ($selected and $key) {
        foreach ($selected as $id) {
            $set = "{$key} = '" . doSlash($val) . "'";
            $where = "name = '" . doSlash($id) . "'";

            if (safe_update('txp_section', $set, $where)) {
                $changed[] = $id;
            }
        }

        $msg = gTxt('section_updated', array('{name}' => join(', ', $changed)));
    }

    return sec_section_list($msg);
}
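/**
 * Delete the rows ticked in a list view and report which ids were removed.
 *
 * Reads 'edit_method' and 'selected' from POST. Only the 'delete' method is
 * handled. Each posted id goes through assert_int() before it is placed,
 * unquoted, in the WHERE clause.
 *
 * $table and $id_key are interpolated into SQL without escaping, so callers
 * must pass fixed identifiers, never request data.
 *
 * NOTE(review): what assert_int() does with a non-integer is not visible
 * here -- confirm that it cannot hand back a value that is unsafe in SQL.
 *
 * @param string $table  Table to delete from.
 * @param string $id_key Name of the integer key column.
 * @return string Comma-separated ids that were deleted, or '' if none.
 */
function event_multi_edit($table, $id_key)
{
    $method = ps('edit_method');
    $selected = ps('selected');

    // A scalar 'selected' value would break the foreach below.
    if (!$selected or !is_array($selected) or $method != 'delete') {
        return '';
    }

    // Initialised up front: the original only created $ids on the first
    // successful delete, so join() received an undefined variable when every
    // delete failed.
    $ids = array();

    foreach ($selected as $id) {
        $id = assert_int($id);

        if (safe_delete($table, "{$id_key} = {$id}")) {
            $ids[] = $id;
        }
    }

    return join(', ', $ids);
}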
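/**
 * Delete the article whose ID is given in the 'dID' POST parameter.
 *
 * The ID is placed unquoted in the WHERE clause, so it must be a plain
 * integer. The original interpolated the raw POST value, which let request
 * data become part of the SQL statement. Anything that is not a string of
 * digits is now rejected before the query is built.
 */
function article_delete()
{
    $raw = ps('dID');

    // is_scalar() first: an array from the request must not reach the cast.
    if (!is_scalar($raw) or !ctype_digit((string) $raw)) {
        return;
    }

    $dID = (int) $raw;
    $rs = safe_delete("textpattern", "ID={$dID}");

    if ($rs) {
        article_list(messenger('article', $dID, 'deleted'), 1);
    }
}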
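/**
 * Final installer step: create the tables, the first user and the site prefs.
 *
 * Reads 'lang', 'email', 'siteurl', 'name', 'pass' and 'RealName' from POST
 * and the database settings from config.php, then prints fbCreate().
 *
 * Security notes for reviewers:
 * - The nonce stored for the first user is the secret behind the txp_login
 *   cookie check in doTxpValidate() (md5 of user name . nonce). It is built
 *   from rand() and uniqid(), which are not cryptographically strong;
 *   replacing it needs a CSPRNG that exists on the PHP version this code
 *   targets.
 * - The password is lower-cased and hashed with MySQL's PASSWORD() function.
 *   Changing that also requires changing the login check, which is outside
 *   this block.
 * - The results of the mysql_query() calls are not checked, so a failed
 *   statement goes unnoticed.
 */
function createTxp()
{
    $GLOBALS['textarray'] = setup_load_lang(ps('lang'));

    if (!is_valid_email(ps('email'))) {
        exit(graf(gTxt('email_required')));
    }

    require txpath . '/config.php';

    // Included files run in this function's scope, so these locals may be read
    // by txpsql.php even though nothing below uses them -- keep them.
    $ddb = $txpcfg['db'];
    $duser = $txpcfg['user'];
    $dpass = $txpcfg['pass'];
    $dhost = $txpcfg['host'];
    $dprefix = $txpcfg['table_prefix'];
    $dbcharset = $txpcfg['dbcharset'];

    $siteurl = str_replace("http://", '', ps('siteurl'));
    $siteurl = rtrim($siteurl, "/");

    define("PFX", trim($dprefix));
    define('TXP_INSTALL', 1);

    include_once txpath . '/lib/txplib_update.php';
    include txpath . '/setup/txpsql.php';

    // This has to come after txpsql.php, because otherwise we can't call mysql_real_escape_string
    // Only these four POST keys are extracted, and each is escaped first.
    extract(doSlash(psa(array('name', 'pass', 'RealName', 'email'))));

    $nonce = md5(uniqid(rand(), true));

    mysql_query("INSERT INTO `" . PFX . "txp_users` VALUES\n\t\t\t(1,'{$name}',password(lower('{$pass}')),'{$RealName}','{$email}',1,now(),'{$nonce}')");

    mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash($siteurl) . "' where `name`='siteurl'");

    // LANG is defined outside this block, presumably from the 'lang' POST
    // parameter. It and the locale derived from it are escaped like siteurl
    // instead of being trusted.
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash(LANG) . "' where `name`='language'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash(getlocale(LANG)) . "' where `name`='locale'");

    echo fbCreate();
}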
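/**
 * Apply one bulk action (delete, change privilege, reset password) to users.
 *
 * Requires the 'admin.edit' privilege. Reads 'selected' (array of user
 * names), 'edit_method' and, for privilege changes, 'privs' from POST.
 * The posted names are replaced by the names that really exist in txp_users,
 * and the logged-in user is always excluded, so an admin cannot delete,
 * demote or reset their own account through this path.
 *
 * NOTE(review): reset passwords are 6 characters from generate_password(),
 * are stored with MySQL's PASSWORD() function and are sent by e-mail.
 * Strengthening any of these needs matching changes to the login code,
 * which is outside this block.
 *
 * @return mixed Whatever admin() returns.
 */
function admin_multi_edit()
{
    global $txp_user;

    require_privs('admin.edit');

    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();

    if (!$selected or !is_array($selected)) {
        return admin();
    }

    // Work only on names confirmed by the database, never on the current user.
    $names = safe_column('name', 'txp_users', "name IN ('" . join("','", doSlash($selected)) . "') AND name != '" . doSlash($txp_user) . "'");

    if (!$names) {
        return admin();
    }

    switch ($method) {
        case 'delete':
            if (safe_delete('txp_users', "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $msg = 'author_deleted';
            }
            break;

        case 'changeprivilege':
            global $levels;

            $privilege = ps('privs');

            // Accept only a privilege level that is a key of $levels.
            if (!isset($levels[$privilege])) {
                return admin();
            }

            if (safe_update('txp_users', 'privs = ' . intval($privilege), "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $msg = 'author_updated';
            }
            break;

        case 'resetpassword':
            foreach ($names as $name) {
                $passwd = generate_password(6);

                // The original ignored the result of this update and mailed the
                // new password even when the stored one had not changed. Now the
                // mail is sent only after the update succeeded; a user whose
                // update failed is left out of the "updated" list.
                if (safe_update('txp_users', "pass = password(lower('" . doSlash($passwd) . "'))", "name = '" . doSlash($name) . "'")) {
                    $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

                    if (send_new_password($passwd, $email, $name)) {
                        $changed[] = $name;
                        $msg = 'author_updated';
                    } else {
                        // The stored password has already changed at this point,
                        // so the admin is told which user could not be mailed.
                        return admin(gTxt('could_not_mail') . ' ' . htmlspecialchars($name));
                    }
                }
            }
            break;
    }

    if ($changed) {
        return admin(gTxt($msg, array('{name}' => htmlspecialchars(join(', ', $changed)))));
    }

    // Returned like every other exit path of this function.
    return admin();
}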